If you’ve shopped at GameStop.com between mid-September and early February, it’s possible your credit card information has been compromised according to a report by the web security blog, KrebsOnSecurity.

After reaching out to the video game retailer about the breach, GameStop confirmed to KrebsOnSecurity that it had been notified by a third party that possible payment card data used for purchases on the company’s internet storefront were being sold on another website.

“That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,” the company said in its statement to Krebs.

Krebs is also reporting that CVV2s, the three-digit security codes on the backs of credit cards, are among the information that was stolen in addition to credit card numbers, expiration dates, and addresses. CVV2 information isn’t supposed to be stored by online stores, but hackers can use malicious software to copy the data before it’s encrypted and processed.

“We regret any concern this situation may cause for our customers,” GameStop said in its statement to Krebs. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges.”